Hi. Please could somebody offer me some assistance. I have a home LAN setup with 4 x TPLink Deco mesh routers with the main deco connected to my Virgin fibre (delivered through coax) modem. My decos are my main routers and the primary is my gateway on 10.0.0.254/16.
I want to connect an MT-2500A as a LAN connected device with a static IP of 10.0.8.1/16. I then want to port forward from my deco to the 2500 and ultimately configure this as a VPN server using WireGuard so that I can access my home network remotely. I don’t want to disturb my network and place it between my VM modem and the main deco.
I can easily change the MT2500 LAN IP to 10.0.8.1/16. I can ping it and access it when my laptop is connected to the same switch. However, when I move the 2500 to another switch, I can no longer ping it or http access it. If I swap them around and move the laptop to the other switch, I still cannot access it. Only when on the same switch.
Without being able to do the most basic thing of having the device fully visible on my network, I have no hope of configuring the VPN side of it.
Is this some weird setting in the MT2500? I have never experienced this before. Everything is on the same flat network and network mask (/16).
Any suggestions on the best config please?
You should set a static IP on WAN of MT-2500A, and connect to your network.
As WAN is where its OpenVPN server serves.
And open firewall port 80 to access the Admin panel.
Hi there. The 2nd line of your reply was especially useful, thanks, and helped me to understand better what I was doing.
The place I am at now is that I can access the admin panel only when I am plugged into the LAN port via a laptop on the 192.168.8.0 network, but not via the WAN port, which has a LAN address from my router DHCP pool (which I have reserved - 10.0.0.111/16). I don’t understand why this is the case, especially as I have the port open on its firewall.
The other issue is that although I can now establish a VPN to the device from an outside network (using Wireguard as the server and port forwarding to the MT2500), and I can indeed see the client connection established from the admin console, my remote device cannot access anything on the LAN other than the admin console itself. Clearly some sort of routing or default gateway config, but I cannot see where.
Any further advice please? I am so close now.
Have you enabled “Allow Remote Access LAN” at page: VPN Dashboard - VPN Server - WireGuard Server Options?
Hi. Yes. Already enabled. I just don’t understand why it won’t work. The VPN connects fine and remains stable. I just can’t see anything else on the network apart from the VPN server.
What is the target IP you want to access?
And if your WireGuard client is another MT2500, please use global proxy mode instead of auto detect mode.
Thanks for sticking with me. Although I do have a few specific target IPs, I ideally want to be dropped onto the same LAN so that I can access anything on it. Everything on my home LAN is on the same 10.0.0.0/16 network, including the MT2500, which is on 10.0.0.111/16 via the WAN port with a 51820 port forward from my router. The WireGuard server on the MT2500 is providing clients IP addresses on 10.0.8.0/16 (same network). Clients are things like iPhone, iPad, laptop, not another MT2500.
Perhaps I am trying to do something it cannot do? I currently have a QNAP NAS that I have an L2TP VPN configured in a similar manner network-wise, and I am able to access my entire LAN remotely via that, but I want to decommission it.
Try to change the WireGuard server IP range from the default 10.0.0.x
I don’t have a topology to verify that. I guess it’s a routing issue.
Thank you so much for staying with me. It is now sorted with thanks to your clues. I was basically being an idiot and trying to route via the VPN to the same network. Once I did as you suggested, and changed the WireGuard server IP range to be 192.168.9.0/24, and then added a static route for 10.0.0.0/16 via the gateway of 192.168.9.1, it all started working. Many thanks.
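Added example, not part of the thread: a small check for the overlap that caused the problem, using the addresses quoted above. The interface names (`wan`, `wg0`), the server's own tunnel address 10.0.8.1 and the client tunnel address 192.168.9.2 are assumptions made for illustration.

```python
import ipaddress

def connected_routes(interfaces):
    """Turn {device: "addr/prefix"} into the on-link routes those addresses imply."""
    return [(ipaddress.ip_interface(addr).network, dev) for dev, addr in interfaces.items()]

def overlaps(routes):
    """Pairs of different devices whose routes cover overlapping address space."""
    found = []
    for i, (net_a, dev_a) in enumerate(routes):
        for net_b, dev_b in routes[i + 1:]:
            if dev_a != dev_b and net_a.overlaps(net_b):
                found.append((dev_a, dev_b))
    return found

def lookup(routes, dst):
    """Longest-prefix match. More than one device back means prefix length
    alone does not decide which way the packet goes."""
    dst = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, dev) for net, dev in routes if dst in net]
    best = max((plen for plen, _ in hits), default=None)
    return sorted({dev for plen, dev in hits if plen == best})

# Constructed from the thread: tunnel range inside the home LAN's 10.0.0.0/16.
BEFORE = connected_routes({"wan": "10.0.0.111/16", "wg0": "10.0.8.1/16"})
# After the fix: tunnel moved to 192.168.9.0/24, server at 192.168.9.1.
AFTER = connected_routes({"wan": "10.0.0.111/16", "wg0": "192.168.9.1/24"})
# Remote client after the fix: tunnel address plus the static route to the LAN.
CLIENT_AFTER = connected_routes({"wg0": "192.168.9.2/24"}) + [
    (ipaddress.ip_network("10.0.0.0/16"), "wg0")
]

if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        print(label, "overlaps:", overlaps(table),
              "| 10.0.0.254 via", lookup(table, "10.0.0.254"))
    print("client 10.0.0.254 via", lookup(CLIENT_AFTER, "10.0.0.254"))
```

With the original addressing both `wan` and `wg0` claim 10.0.0.0/16, so the lookup for the gateway 10.0.0.254 returns both devices; with the tunnel on 192.168.9.0/24 each destination resolves to exactly one.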